Authorization algorithms for permission-role assignments

Permission-role assignments (PRA) is one important process in Role-based access control (RBAC) which has been proven to be a flexible and useful access model for information sharing in distributed collaborative environments. However, problems may arise during the procedures of PRA. Conflicting permissions may assign to one role, and as a result, the role with the permissions can derive unexpected access capabilities. This paper aims to analyze the problems during the procedures of permission-role assignments in distributed collaborative environments and to develop authorization allocation algorithms to address the problems within permission-role assignments. The algorithms are extended to the case of PRA with the mobility of permission-role relationship. Finally, comparisons with other related work are discussed to demonstrate the effective work of the paper

A global ticket-based access scheme for mobile users

This article presents a ticket-based access model for mobile services. The model supports efficient authentication of users, services and service providers over different domains. Tickets are used to verify correctness of the requested service as well as to direct billing information to the appropriate user. The service providers can avoid roaming to multiple service domains, only contacting a Credential Centre to certify the user’s ticket since tickets carry all authorization information needed for the requested services. The user can preserve anonymity and read a clear record of charges in the Credential Centre at anytime. Furthermore, the identity of misbehaving users can be revealed by a Trusted Centre